Re: [PATCH 1/2] fix auditctl -D

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: [PATCH 1/2] fix auditctl -D
Date: Tue, 2 May 2006 15:44:36 -0400	[thread overview]
Message-ID: <200605021544.36626.sgrubb@redhat.com> (raw)
In-Reply-To: <200604282235.k3SMZi02002180@faith.austin.ibm.com>

On Friday 28 April 2006 18:35, Joy Latten wrote:
> The fix for the problem of auditctl -D not working
> consists of two patches. One is the userspace patch
> and the other is for the kernel.

We still have a problem. This patch works around the problem but its still 
there. The problem is that getting a list results in ENOBUFS. This causes
"delete all" to fail. This patch avoids that problem because the list internal
to the kernel gets deleted. But what if you just want to list all the rules?
You still get a ENOBUFS.

execve("/home/sgrubb/working/BUILD/audit-1.2.2/src/auditctl"
...
socket(PF_NETLINK, SOCK_RAW, 9)         = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
sendto(3, "\20\0\0\0\365\3\5\0\1\0\0\0\0\0\0\0", 16, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 16
poll([{fd=3, events=POLLIN, revents=POLLIN|POLLERR}], 1, 100) = 1
recvfrom(3, 0x7fff2a895330, 8476, 66, 0x7fff2a893170, 0x7fff2a89317c) = -1 ENOBUFS (No buffer space available)
write(2, "Error receiving audit netlink pa"..., 64Error receiving audit netlink packet (No buffer space available)) = 64
write(2, "\n", 1)                       = 1
write(2, "Error sending rule list request "..., 59Error sending rule list request (No buffer space available)) = 59
write(2, "\n", 1)                       = 1
close(3)                                = 0
exit_group(-1)                          = ?
Process 2608 detached

The very first recvfrom returns the error. The kernel needs to see that 
its about to fill the netlink buffers and reschedule the listing thread until
user space can drain the buffers. So, while -D is solved by this patch,
-l is not.

-Steve

     prev parent reply	other threads:[~2006-05-02 19:44 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-28 22:35 [PATCH 1/2] fix auditctl -D Joy Latten
2006-04-28 23:04 ` Steve Grubb
2006-05-02 19:44 ` Steve Grubb [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200605021544.36626.sgrubb@redhat.com \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox